Oct 01 2020 06:17 PM
Hi there,
I created a conditional access policy to block all locations, excluding Australia and Singapore. This works great for users logging in using IPv4, however it blocks those using IPv6. I logged a call with MS and got confirmation that "at the moment by Design, the Countries tab in Conditional Access feature does not include IPV6 addresses option. It only covers IPV4.".
One of the largest ISPs (if not the largest) here in Australia uses dynamic IPv6 by default! Loction can't be be mapped to Australia, so conditional access blocks the sign in!
Why can't Conditional Access do an IPv6 lookup? Thats what the team over at APNIC do?
Any thoughts on the matter?
Ta.
Oct 02 2020 12:22 AM
Oct 04 2020 04:55 PM
@Thijs Lecomte Hi there Thijs. What I've had to do is to create a named location and tick the " Include unknown areas" option. I've added this location as an exclusion to the policy. Not ideal, but any IPv6 traffic should now be allowed.